SciLinux: Important: ghostscript on SL7.x x86_64

    Date16 Oct 2018
    447
    Posted ByAnthony Pell
    It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the - -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509) * ghostscript: LockDistillerParams type confusion (699656) (CVE-2018-15910) * ghostscript: .definemodifiedfont mem [More...]
    Synopsis:          Important: ghostscript security update
    Advisory ID:       SLSA-2018:2918-1
    Issue Date:        2018-10-16
    CVE Numbers:       CVE-2018-10194
                       CVE-2018-16509
                       CVE-2018-15910
                       CVE-2018-16542
    --
    
    Security Fix(es):
    
    * It was discovered that the ghostscript /invalidaccess checks fail under
    certain conditions. An attacker could possibly exploit this to bypass the
    - -dSAFER protection and, for example, execute arbitrary shell commands
    via a specially crafted PostScript document. (CVE-2018-16509)
    
    * ghostscript: LockDistillerParams type confusion (699656)
    (CVE-2018-15910)
    
    * ghostscript: .definemodifiedfont memory corruption if /typecheck is
    handled (699668) (CVE-2018-16542)
    
    * ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix
    function in gdevpdts.c (CVE-2018-10194)
    --
    
    SL7
      x86_64
        ghostscript-9.07-29.el7_5.2.i686.rpm
        ghostscript-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-debuginfo-9.07-29.el7_5.2.i686.rpm
        ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-devel-9.07-29.el7_5.2.i686.rpm
        ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-9.07-29.el7_5.2.src.rpm
      noarch
        ghostscript-doc-9.07-29.el7_5.2.noarch.rpm
    
    - Scientific Linux Development Team
    

    Comments powered by CComment

    LinuxSecurity Poll

    Which Linux distribution(s) do you use?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 5 answer(s).
    /component/communitypolls/?task=poll.vote
    7
    radio
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.